CONSUMER PRIVACY
NOTICE

We take the privacy of our consumers seriously. This notice tells you who we are, what information about you we collect, and what we do with it. We will process information about you only in accordance with applicable laws. Click on “find out more” in each section for further information.

This is a global notice and explains our general practices.  Where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with applicable local law.  For anything not contemplated by this notice, we may issue a supplemental notice. You should read any supplemental notice in conjunction with this notice.

In the section introduced as “What rights and options do you have?”, you can also find information about your rights.

 

Who are we?

We are Rashideen RRP Tobacco Trading L.L.C a limited liability company as per commercial license number 936793, having our registered address at: P.O Box 61544, Dubai, the authorized distributor of PMI products in the United Arab Emirates.

Our details (name, address, etc.) will have been given to you separately at the time of (or to confirm) the collection of information about you, for example, in a notice, on an app or a website, or in an e-mail containing a link to this notice. Please use these details if you wish to contact us in relation to the processing of your personal data.

FIND OUT MORE

  • ‘Philip Morris International or PMI means Philip Morris International, a leading international tobacco group headquartered in Lausanne, Switzerland. It is made up of a number of companies or “affiliates”.
  • PMI product: means a product of PMI or one of its affiliates.

How do we collect information about you?

We may collect information about you in various ways.

You may provide us with information directly (e.g. filling in a form, making a call to us, or uploading information to us via a mobile app).

We may collect information automatically when you interact with our systems or we communicate with you (e.g. when you use one app or website administered by us, or, where we use technologies to observe when you receive or open e-mails or receive SMS messages).

We may also collect information from third parties (e.g. publicly-available information, information on social media platforms such as Meta and X). For example, where permitted by law, we may infer information about you from aggregated information we acquire from third parties. By way of example, this may include statistical information about people in certain geographical areas.

In this notice, we refer to all the methods by which you are in contact with us as “Touchpoints”. Touchpoints include both physical touchpoints for example, retail outlets, (these include both  retail outlets operated directly by us and third party retail outlets), events, (these include events arranged by us and third party events at which we are present with PMI products), consumer contact centres, and digital touchpoints (for example, apps, social media and websites).

 

FIND OUT MORE

We may collect information that you provide directly. Typically, this will happen when you:

  • sign up to be a member of a databases operated by us (including loyalty programs), which will include performing age verification (this could be in person, via an app, or online, including AI analysis of your face);
  • request information about PMI products, which may include age recognition (this could be in person, via an app, or online, including AI analysis of your face);
  • purchase PMI products or services at a retail outlet;
  • download, or use, a digital Touchpoint operated by us (e.g. an app or a website);
  • contact us through a touchpoint, or by e-mail, social media or telephone;
  • register a device with us;
  • subscribe to a panel portal operated by us;
  • register to receive press releases, e-mail alerts, communications or other materials related to PMI products or our operations;
  • participate in surveys or (where permitted by law) competitions or promotions; or
  • engage with one of our sales representatives or attend an event that a PMI affiliate has organised.

We may collect information from an electronic device, if you choose to share the information with us. This may be shared with us through a direct connection to the internet, or via one the apps administered by us that you have downloaded.

We may collect information about you automatically. Typically, this will happen when you:

  • visit one of the outlets that we operate and  that sells PMI products (for example, by collecting your data at check-out, or through sensors at the outlet that connect with mobile technology);
  • attend an event that we have organised (for example, through purchases at the event or through sensors at the event that connect with mobile technology);
  • communicate with us (for example, through a touchpoint, or social media platforms);
  • use digital Touchpoints that we may operate, for example, through tracking mechanisms (such as cookies, web beacons/pixels and other tracking technologies such as device identifiers);
  • use third party websites (for example, using technology similar to that described in the bullet above);
  • make public posts on social media platforms that we follow (for example, so that we can understand public opinion, or respond to requests concerning PMI products); or
  • are referred to us by another consumer of PMI products.

As mentioned above, we may collect information about you automatically through the use of cookies and similar tracking technologies if you agree to (or do not opt out of) their use when you visit the digital Touchpoints we operate. The specific cookies and other tracking technologies used will depend on the touchpoint in question. To learn about the mechanisms used on a particular Touchpoint, including how you can accept or refuse them, please see the information made available on, or through, that touchpoint. You should review the privacy notice of these providers to see how they process personal data about you. These mechanisms may include Google analytics cookies (see www.google.com/policies/privacy/partners/.)

We use these cookies and other tracking technologies to conduct digital personalized communication that is relevant to you, using various partners. This may involve matching the email addresses and mobile phone numbers that we hold for you with the email addresses of our communication partners, to show you the most relevant digital communication (where permitted by law). We only do this where you have given us consent (or have not opted out of data sharing according to applicable law). Sometimes we may also process information about you to build lookalike profiles. This allows us to generate similar audiences for prospective customers (who may have similar interests or demographics to you) through platforms like Google, based on data that the communication platform holds about other people. Usually this means sharing your email address with our communication partners.

In addition, where permitted by law, we may acquire information about you from third parties. This may include information shared with PMI affiliates, publicly available profile information (such as your preferences and interests) on third party social media sites (such as Facebook and X),  consumers lists and supplementary information acquired from third party agencies. For such data, we may act as an independent controller in certain cases, or a joint controller with the third party in relation to these processing activities.

Where you log in to your account using a social media account (e.g. Facebook, Google, etc.) we have no control or influence over the data that social networking site collects via that plugin or link. For more information, please consult the relevant data privacy notice of these third parties.

 

We may also collect information in other contexts made apparent to you at the time.

What information about you do we collect?

We may collect various types of information about you such as:

  • information about your orders, including information necessary to fulfil them
  • information necessary to provide warranty services
  • information about the referrals you make
  • information you give us in forms or surveys, and similar information that you give to third parties to be transferred to us
  • information about your location, where you choose to share it with us (for example, on your mobile phone)
  • information about your visits to our outlets or events (or outlets or events of others with whom we work)
  • information you give us in communications (e.g. letters, calls, chats, e-mails, SMS and instant messages)
  • information about your preferences and interests (including information that we infer from other information, for example from statistical information)
  • information necessary to verify your age such as identification documents or using AI analysis of your face
  • information generated by your electronic device (for example, IQOS), if you choose to share it with us
  • information about your experience of using PMI products and our services
  • statistical information about you (for example, statistical information about people in certain geographical areas)
  • information that may relate to adverse events (such as any unwanted health effect when using one of PMI products) when you report them to us
  • information about you that we acquire from third parties, where you agreed that the third party can share your data with others.

 

FIND OUT MORE

Information that we collect from you directly will be apparent from the context in which you provide it. For example:

  • if you order a product from us through a Touchpoint, you provide your name, contact, billing details, payment methods, and the products you have chosen so that we can fulfil your order;
  • you may provide information on your product preferences, interests and experience so that we can offer you products and services that will interest you, and to improve PMI products and our services;
  • if you make an appointment to see us (or someone supporting PMI products or our services), we may collect your name and contact details;
  • we may collect information that enables us to verify your age, for example a copy of an identity document or your facial image (either as a photograph or a video);
  • if you have downloaded one of the apps we administer, we may ask to use your location (even when the app is closed or not in use) for certain features. For example, the “find my IQOS” feature helps you find your device if lost, and it won’t work properly if you don’t share your location. We don’t keep the location data. It will only be used to allow these features and only if you agree to share this data by agreeing to the respective in-app disclosures;
  • if you communicate with one of our contact centres, you may give us information, for example about your experiences using PMI products and our services, to allow us to deal with your requests.

Information that we collect from an electronic device, if you choose to share the information to us. This may include, for a PMI electronic device, information about the device itself (such as holder serial number, charger serial number, firmware version, device errors).

Information that we collect automatically will generally concern:

  • details of your visit or call (such as time, date, and duration);
  • audio or video recordings (where permitted) of your calls or visits to Touchpoints, which we may transcribe to text format;
  • your visits to sales outlets or participation at events (including areas in the immediate vicinity), how frequently you visit, which areas you visit and for how long, and which purchases you make;
  • your use of digital Touchpoints we operate (such as the pages you visit, the page from which you came, and the page to which you went when you left, search terms entered, or links clicked within the touchpoint, when you first open the touchpoint, for how long you use it, and how you interact with messages we send you or communication we show you); we may use cookies and similar tracking technologies (such as pixels/web beacons) to do this;
  • your use of third-party websites, where the information collected will be similar to that described in the bullet above (we may use cookies and similar tracking technologies (such as pixels/web beacons) to do this);
  • your mobile or desktop device and software (such as your IP address or unique device identifier (for example, mobile advertising identifier (MAID) or Android ID (SSAID)), location data (either your general location (derived from your IP address, in which case the information we have will be general, e.g. the town you are in), or your precise location (if you choose to share it with us for specified purposes, e.g. store locator)), device brand and model, the display settings of your monitor, web browser type, operating system, (some of which may be used in “digital fingerprinting” (see for what purposes we process information about you, below)) and details of any cookies (or similar technologies) that we may have stored on your device);
  • if you return your PMI electronic device to us, we may extract data from the device in order to check why that device has stopped working. If you take your device to one of our stores because it is faulty, we will only extract data where you agree to share the data it holds with us;
  • Where permitted by law, we may infer information about you from information about you that we already have. For example, we may analyse your interactions with us to conduct segmentation and profiling to improve PMI products and our services, customize our offers and communications to you, or we may use aggregated information about people in certain geographical areas, that we acquire from third parties, to infer your preferences.

Information that we collect from third parties will generally consist of publicly available information (such as your preferences, interests and experiences), for example from public social media posts.

 

For what purposes do we use information about you, and on what legal basis?

In this section, we describe the purposes for which we use personal information. However, this is a global notice, and where the laws of a country restrict or prohibit certain activities described in this notice, we will not process information about you for those purposes in that country.

Subject to the above, we process information about you for the following purposes:

  • To comply with regulatory obligations, such as verifying your age and status as a user of PMI products or to report data related to adverse events.
  • To (if applicable) lend or sell PMI products to you, including fulfilling your orders and processing your payments
  • To provide sales-related and product support services to you, including dealing with your inquiries and requests, and providing warranty and support services including personalized support and insights on the use of PMI products
  • To market PMI products and our services (where permitted by law), including administering loyalty programs and referral programs, product improvement, market research (including demonstrating fair practices in market research), developing commercial strategies, creating personalized offers and communications, administering communication campaigns, creating and executing targeted digital communication on websites that you visit or to build lookalike audiences to target prospective customers (who may have similar interests or demographics to you), customizing your interactions and experience with us, for example at outlets that sell PMI products, events, customizing the content of messages we send to you, communication we show you or interactions we have with you.
  • To understand whether you are still engaged with our communication and whether you wish to continue to receive it
  • For us or our business partners to inform you of potential opportunities in relation to PMI products
  • To enable you to use, and improve your experience of Touchpoints and PMI electronic devices
  • To support all the above, including administering your accounts, corresponding with you, managing your appointments with us or with someone supporting PMI products or our services (for example, regarding a new product, or after-sales service), customizing your experience of Touchpoints, fraud prevention (for example in the context of our promotions, competitions and surveys, to ensure that they are not taken more than once by the same person, or in the context of e-commerce to protect cardholder and account information), personnel training and quality control, and administration and troubleshooting
  • For business analytics, statistical or scientific purposes, including improving PMI products (for data collected from PMI electronic devices, this will apply if you have chosen to send the information to us for these purposes or if you return a device to us) and services, outlets and events, and the information that we (or our affiliates) provide to you
  • For other purposes that we notify you of, or will be clear from the context, at the point information about you is first collected

The legal basis for our use of information about you is one of the following (which we explain in more detail in the “find out more” section):

  • compliance with a legal obligation to which we are subject;
  • the performance of a contract to which you are a party;
  • a legitimate business interest that is not overridden by interests you have to protect your data;

where none of the above applies, or where the law requires it, your consent (which we will ask for before we process the information).

 

FIND OUT MORE

The purposes for which we process information about you, with corresponding methods of collection and legal basis for use, are:

 

1-     Comply with regulatory obligations

·       verify your age and status as a user of PMI products (depending on the country and on the Touchpoint, this can be a manual or an automated process; in some countries you will upload or give us access to your facial image (photograph/video), which will be reviewed by AI solutions to automatically determine your age (but without identifying you).

· Report adverse events related to PMI products

This information is generally provided to us by you directly.

We use it because it is necessary for us to comply with a legal obligation to sell products only to adults and to monitor the safety of such products, or, in countries where there is no such legal obligation, because we have a legitimate business interest to sell PMI products only to adults and ensure the safety of such products that is not overridden by your interests, rights and freedoms to protect information about you.

2-     Lend or sell PMI products

·       fulfil your orders (including sending receipts)

·       process your payments

·       provide warranty and support services

This information is generally provided to us by you directly (typically, name, address, e-mail address, payment information).

We use it to discharge our contractual obligations to you as a buyer or borrower of PMI products.

3-     Provide sales-related and product support services

·       deal with your inquiries and requests, and information about your experience with PMI products and our services

· provide you with personalized support on device usage   

 ·       correspond with you

·       general administration and troubleshooting

·       administer loyalty programs

This information is generally provided to us by you directly but may be combined with information that we collect automatically (for example, using technology (such as cookies and web beacons/pixels) to monitor your use of Touchpoints and e-mails from us), and using similar technology to monitor your use of third party touchpoints; and (where permitted by law) information that we acquire from third parties (such as public social media posts).

We use it because we have your consent to do this (these cases will be clear from the context); or we have a legitimate business interest in providing sales-related and product support services to our customers that is not overridden by your interests, rights and freedoms to protect information about you.

4-  Market PMI products (where permitted by law)

·       understand your preferences (such as what products or events may interest you or may be better tailored to your needs) and, where permitted by law, market to you personally

·       understand whether you are still engaged with our communication and whether you wish to continue to receive it

·       administer loyalty and referral programs

·       invite you to participate in, and administer, surveys or market research campaigns

·       for market research, and for demonstrating fair market research practices

·       develop commercial strategies

·       administer communication campaigns

·       customize your experience of Touchpoints (for example, to personalize your visit, such as with greetings or suggestions that might interest you)

This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); information that we collect automatically (for example, using technology (such as cookies and web beacons/pixels) to monitor your use of Touchpoints and electronic messages (e.g. e-mails and SMS) from us), and using similar technology to monitor your use of third party touchpoints; and (where permitted by law) information that we acquire from third parties (e.g. public social media posts, and statistical information).

We use it on the grounds that we have a legitimate business interest to market PMI products and our services that is not overridden by your interests, rights and freedoms to protect information about you.

In certain countries, where required by law, we will send you these materials in electronic format, and use these technologies, only with your consent.

5-     Market PMI products (where permitted by law) (continued)

·       provide you with information about and manage (if permissible) promotions, products and services, outlets, events and the regulation of PMI products

·       customize your experience with us, for example with customized messages and offers we send you, or communication we show you

· allow us or our business partners to inform you of potential opportunities regarding PMI products or any regulatory changes that may affect our ability to provide you with certain products

 · develop and improve tools to pursue these purposes

This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); information that we collect automatically (for example, using technology (such as cookies and web beacons/pixels) to monitor your use of Touchpoints and electronic messages (e.g. e-mails and SMS) from us), and using similar technology to monitor your use of third party touchpoints; and (where permitted by law) information that we acquire from third parties (e.g. public social media posts, and statistical information).

We use it on the grounds that we have a legitimate business interest to market PMI products and our services that is not overridden by your interests, rights and freedoms to protect information about you.

In certain countries, where required by law, we will send you these materials in electronic format, and use these technologies, only with your consent.

6-     Use of Touchpoints and PMI electronic devices

To enable you to use, and improve your experience and usage of, Touchpoints and PMI electronic devices

This information, if you choose to send it to us, will be sent to us either directly from the device’s own connection to the internet, via one of our apps that you may download, or via the various retailer touchpoints.

This may include information  about the device itself (such as holder serial number, charger serial number, firmware version, device errors).

We use it because we have your consent to do this (these cases will be clear from the context) or because we have a legitimate business interest to provide you with support for Touchpoints and PMI electronic devices, which is not overridden by your interests, rights and freedoms to protect information about you.

7-     Supporting our relationship with you

·       administering your accounts

·       enabling you to use Touchpoints (for example, allowing you to remain logged in to sections of a touchpoint that are reserved for authorized users only, administering your language preference, associating your shopping cart with you, enabling certain features of the Touchpoint, e.g. the “find my IQOS” feature (where you choose to share your location))

·       corresponding with you

·       managing your appointments with us or with someone supporting PMI products or our services (for example, regarding a new product, or after-sales service)

·       enhancing your experience

·       fraud prevention (for example in the context of our – if permissible - promotions, competitions and surveys, to ensure that they are not taken more than once by the same person, or in the context of e-commerce to protect cardholder or account information)

·       personnel training and quality control (including using transcriptions of recordings of calls to contact centres to produce aggregated insights), and administration and troubleshooting

This will typically be a combination of information that you provide to us (typically, name, password (or equivalent)) and information that we collect automatically (for example, information about your device, and cookies and similar tracking technologies, and (where permitted) recordings of your calls (and transcriptions of those recordings) or visits to Touchpoints).

We use it on the grounds that correspond to the purpose for using the information that we are supporting. For example, where we administer your account to support a purchase or to provide after-sales service, we use the information to discharge our contractual obligations to you as a buyer of PMI products; where we administer your account to show you PMI products,  we use it on the grounds that we have a legitimate business interest to market PMI products that is not overridden by your interests, rights and freedoms to protect information about you.

8-     Business analytics and improvements

For business analytics, statistical or scientific purposes, including for improving PMI products (for data collected from electronic devices, this will apply only if you have chosen to share the information to us for these purposes or return a faulty device), services, outlets that sell PMI products, events, PMI digital touchpoints and the information that we (or our affiliates) provide to our customers.

This will typically be a combination of information that you provide to us (such as information from your communications with Touchpoints; or demographic information, e.g. your age, gender and the city where you live); information that we collect from your electronic device (which, for PMI electronic devices, will include information about your electronic device); information that we collect automatically; and (where permitted by law) information that we acquire from third parties. Where we have more than one type of data from these categories, we may combine them to improve our analysis.

We use it because we have your consent to do this (these cases will be clear from the context); or because we have a legitimate business interest to analyze and to improve our business performance, PMI products, Touchpoints, outlets and events, that is not overridden by interests, rights and freedoms to protect information about you.

Where we do not base our use of information about you on one of the above legal bases, or where law requires it, we will ask for your consent before we process the information (these cases will be clear from the context).

Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

Do we use Artificial Intelligence (AI) and Machine Learning (ML)?

We may use artificial intelligence (AI) features to enhance your consumer experience. By way of example, the consumer portal may include a conversational chatbot supported by AI features that answers frequently asked questions and assists you with navigating the portal. The chatbot can help you search for products, manage your account, and provide support.

Additionally, we may use AI features, such as machine learning and statistical algorithms, to support the analysis of your behaviors and interactions with Touchpoints and conduct segmentation and profiling, where permitted by law. This helps us understand and enhance your experience, improve PMI products and our services and tailor them to provide you a personalized experience. By way of example, these AI features analyze various data points, such as purchase history, browsing behavior, and demographic information, to determine, based on similarities between consumers’ patterns and behaviors, which segment you may belong to and allow our teams (human intervention) to use this information to undertake relevant and personalized actions that are most relevant to you.

We may also use AI capabilities to assist us in preventing fraudulent actions. Other uses of AI features may be applied to assist you to conduct technical diagnostics, including firmware updates, regarding your device when you approach us in one of our touchpoints.

Lastly, we may also use AI features in our interactions with you to support customer care services, improve their efficiency (including your satisfaction with these services) and quality reviews of customer care interactions. This helps us to measure your customer experience, provide the best possible customer care support and identify areas for improvement. For example, by analyzing such interactions, we can better understand common issues and trends, leading to higher customer service and satisfaction.

Who do we share your information with, and for what purposes?

We may share information about you with:

  • PMI affiliates;
  • third parties who provide PMI affiliates or you with products or services;
  • PMI affiliates’ carefully selected business partners (in areas connected with PMI products) so that they can contact you with offers that they think may interest you, in accordance with your preferences; and
  • other third parties, where required or permitted by law.

We share information about you with others only in accordance with applicable laws. Thus, where the law requires your consent, we will ask for it before sharing your data.

FIND OUT MORE

Sharing data with PMI affiliates

 

  • Information about you will be shared with Philip Morris Products S.A. (based in Lausanne, Switzerland), which is the place of central administration of personal data processing for PMI affiliates. Philip Morris Products S.A. processes the information about you for the purposes described in this notice as a data controller, for example to improve PMI products and our services.
  • Information about you will be shared with the PMI affiliate established in the country in which you live for the purposes described in this notice.
  • Information about you will be shared with the PMI affiliate responsible for overseeing the operations in the country we operate (and from which we have collected your personal information).
  • Information about you may be shared with other PMI affiliates that you contact (for example, if you travel and you want to know where to buy PMI products in a new country, or where to find service or support for PMI products) in order to enhance our services to you.

Details of PMI affiliates and the countries in which they are established are available here.

 

Sharing data with Third Parties

 

  • To the extent permitted by applicable law, we may share information about you with third parties who provide us, PMI affiliates or you with products or services (such as payment service providers, delivery providers, retailers, market research agencies, product demonstrators, advisers, information services providers and age verification providers).
  • To the extent permitted by applicable law, we may share information about you with carefully selected third party business partners (in line with the kind of thing you might associate with PMI products, for example because they have similar or complementary image, style, or functionality) so that they can contact you with products, services and promotions that they think may interest you, in accordance with your preferences.
  • We may share information about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; and in the context of organisational restructuring.

 

Where might information about you be sent?

We transfer information globally to PMI affiliates and and to our service providers and, as applicable, PMI affiliate’s service providers.  Your data may therefore be transferred to other countries as part of our standard operations.  Whenever we transfer your data abroad, we will limit access to your data only to those who need to see it, process your data in accordance with our internal data protection standards, protect it appropriately and only transfer information in compliance with applicable data privacy laws.  When data is transferred, we will require the receiving party to keep your data confidential, delete it when it is no longer required and act in accordance with this privacy notice.  Accordingly, information about you may be transferred outside of your jurisdiction.  For example, if you live in the EEA, UK, Australia or Japan, your data may be processed in another country.

 

FIND OUT MORE

When using information as described in this notice, information about you may be transferred either within or outside the country or territory where it was collected, including to a country or territory that may not have equivalent data protection standards.

In all cases, appropriate security measures and safeguards for the protection of personal information will be applied in those countries or territories, in accordance with applicable data protection laws.

How do we protect information about you?

We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide.  However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we use reasonable means to protect your information, we cannot guarantee its absolute security or confidentiality.


Where we have given you (or where you have chosen) a password which enables you to access any portal or account, you are responsible for keeping this password confidential. We ask you not to share your password(s) with anyone.

If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately. Please raise your concern by contacting us and we will investigate the matter and update you as soon as possible on next steps.

 

How long will information about you be kept?

We will retain information about you for the period necessary to fulfil the purposes for which the information was collected in accordance with our internal data retention standards. After that, we will delete it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.

FIND OUT MORE

Typically, we retain data based on the criteria described in the table below. Where these periods conflict with legal obligations, for example, for tax and accounting purposes, to either retain the information for a set minimum period of time, or to delete it after a set maximum period of time, we apply those set periods instead.

1-     sending communications to you or targeting communications at you (if you use digital Touchpoints and are contactable)

Most of the information in your communication profile is kept for the duration of our relationship with you; for example, while you continue to use digital Touchpoints, or respond to our communications. However, some elements of your communication profile, such as records of how we interact with you, naturally date and may be inaccurate after a period of time, so we delete them automatically after defined periods (typically 3 years) as appropriate for the purpose for which we collected them.

2-     sending communications to you or targeting communications at you (if you are no longer in contact with us)

If we don’t have any contact with you for a long period (typically 3 years), we will stop sending you communications and typically data are deleted or anonymised. This will happen, for example, if you do not click through to an invitation to an event, log on to a digital Touchpoint, or contact customer care, during that 3 year period. The reason is that in these circumstances, we assume you would prefer not to receive communications from us.

3-     sending communications to you or targeting communications at you (if you are not contactable)

If you have registered to receive communications, but the contact information no longer works, we will retain your details for a period of time (typically 1 year) to allow you to return and correct it.

4-     sending communications to you or targeting communications at you (incomplete registrations)

If you commence registering yourself in a database, but do not complete the process (for example, if you do not complete the age verification process, or you do not accept the Touchpoint’s terms of use), we will retain your details (to allow you to return and complete the process) for up to 30 days, depending on the type of information that is missing.

5-     market research

If you are not registered with us for other purposes (e.g. receiving communications, warranty, customer care), and we use publicly available information about you in order to understand the market or your preferences, we will retain information about you for a short period of time in order to perform the particular market research activity.

If we collect information about you in other market research contexts, we will retain that information:

for the purposes of the individual item of market research for the period reasonably required (typically no longer than 1 year); and

for the purposes of demonstrating fair practices,  for so long as we need to be able to demonstrate that, and we will regularly review whether that purpose has been achieved to determine whether the retention is still required.

6-     purchases, loyalty transactions and warranty

If you purchase goods or perform a loyalty transaction, we will retain details of this for so long as required to complete the sale, and to comply with any legal obligations (for example, for tax and accounting record-keeping purposes and fraud-prevention purposes). If you also register for a warranty for a device, we will retain details of this for so long as relevant to the warranty period.

7-     customer care

If you contact customer care, we will maintain a record of the interaction (including details of your enquiry and our response) and retain it while it remains relevant to our relationship, for example if you need us to replace a device under warranty, or if your recent enquiries are relevant. Temporary records (for example, an automated recording of a telephone call in which you ask us to direct you to a retail outlet) may be relevant only until more permanent records are made and will be retained only temporarily.

8-     system audit and fraud prevention

System audit logs are retained typically for a period of up to 6 months for system recovery and for up to 10 years for fraud prevention.

9-     business analytics

We keep most business analytics data for the duration of our relationship with you as described in the first line of the table above. However, some elements of it, such as some device information (if you choose to share it with us), naturally go out of date after a period of time, so we delete this automatically after defined periods as appropriate for the purpose for which we collected them.

10-  device data

We keep data collected from your device (should you choose to share it with us or return a faulty device to us) for various periods, according to the purposes for which we use it:

product improvement: 5 years (or earlier if you delete your profile)

business analytics: 5 years (or earlier if you delete your profile)

device care including device diagnostics and upgrades: 5 years

demonstrating fair treatment of a consumer: 10 years

11-  age verification

The details you submitted for us to verify your age are deleted once we have completed the process of verification. We operate several processes for doing this and the retention period varies according to the process that is followed, from a few minutes to six months. We also keep some details separately, for fraud prevention purposes – see above.

12-  age recognition using AI (this may be used if you request information about PMI products)

Your image is deleted immediately following the analysis which only takes a few seconds.

What rights and options do you have?

You may have some or all of the following rights in respect of information about you that we hold:

  • request us to give you access to it;
  • request us to rectify it, update it, or erase it;
  • request us to restrict our using it, in certain circumstances;
  • object to our using it, in certain circumstances;
  • withdraw your consent to our using it;
  • data portability, in certain circumstances;
  • opt out from our using it for direct communication; and
  • lodge a complaint with the supervisory authority in your country (if there is one).

We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive.

Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.

FIND OUT MORE

The rights you have depend on the laws of your country. If you are in the UK, European Economic Area and Switzerland, you will have the rights set out in the table below. If you are elsewhere, you can contact us (see the paragraph “who should you contact with questions?” at the end of this notice) to find out more or look at the specific section for your country below.

1-     to request us to give you access to it

This is confirmation of:

·       whether or not we process information about you;

·       our name and contact details;

·       the purpose of the processing;

·       the categories of information concerned;

·       the categories of persons with whom we share the information and, where any person is outside the UK, EEA and Switzerland and does not benefit from a European Commission adequacy decision, the appropriate safeguards for protecting the information;

·       (if we have it) the source of the information, if we did not collect it from you;

·       (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and

·       the criteria for determining the period for which we will store the information.

On your request we will provide you with a copy of the information about you that we use (provided this does not affect the rights and freedoms of others).

2-     to request us to rectify or update it

This applies if the information we hold is inaccurate or incomplete.

3-     to request us to erase it and in some cases an extension of this right, the right to be forgotten

This applies if:

·       the information we hold is no longer necessary in relation to the purposes for which we use it;

·       we use the information on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all information about you in which case we will respect your wishes);

·       we use the information on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;

·       the information was unlawfully obtained or used; or

·       to comply with a legal obligation.

4-     to request us to restrict our processing of it

This right applies, temporarily while we look into your case, if you:

·       contest the accuracy of the information we use; or

·       have objected to our using the information on the basis of legitimate interest

(if you make use of your right in these cases, we will tell you before we use the information again).

This right applies also if:

·       our use is unlawful and you oppose the erasure of the data; or

·       we no longer need the data, but you require it to establish a legal case.

to object to our processing it

You have two rights here:

(i)       if we process information about you for direct communication: you can “opt out” (without the need to justify it) and we will comply with your request; and

(ii)     if we process information about you on the basis of legitimate interest for purposes other than direct communication, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.

5-     to withdraw your consent to our using it

This applies if the legal basis on which we use the information about you is consent. These cases will be clear from the context (for example, if you gave your consent using the preference center in one of our apps, you can withdraw your consent by turning off the corresponding toggle).

6-     to challenge certain automated decisions

If we make a decision based solely on automated processing, and that decision produces legal effects concerning you or significantly affects you, you have a right to contest the decision, to request us to have a human review of that decision, and to express your point of view.

This right does not apply if:

(i)   you gave your consent to the decision beforehand;

(ii)   that use of information about you is necessary for entering into; or the performance of, a contract between you and us; or

(iii)  it is authorized by law.

As mentioned above, these decisions will be drawn to your attention at the time, together with information about the logic involved in the decision, as well as the significance and the envisaged consequences for you of such use of information about you.

7-     to data portability

If:

(i)   you have provided data to us; and

(ii)  we use that data, by automated means, and on the basis either of your consent, or on the basis of discharging our contractual obligations to you,

then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so.

to lodge a complaint with the supervisory authority in your country

If you have any complaint, we will welcome the opportunity to resolve it for you directly.  Please consider contacting us via the contact details linked at the start of this notice before contacting a supervisory authority.

If you do wish to contact a supervisory authority,  please consult the website of your country’s authority.

If you are unsure who your jurisdiction’s supervisory authority is, please contact us for further details.

Who should you contact with questions?

If you have any questions, or wish to exercise any of your rights, please contact 800 MYIQOS (694 767) - contact.ae@iqos.com. Contact details will also be given in any communications we send you.

If your country has a data protection authority, you have a right to contact it with any questions or concerns.

Changes to this notice

We may update this notice (and any supplemental privacy notice), from time to time. Where the law requires it, we will notify you of the changes; further, where the law requires it, we will also obtain your consent to the changes.

Last modified July 1, 2025.